async def setup_planning_test(executor, ability, agent, operation, data_svc, event_svc, init_base_world):
    """Seed data_svc for the planner tests and yield the objects they work on.

    Stores two abilities (both darwin ``sh`` executors running throwaway
    test commands) and the plain-text obfuscator, then yields
    ``(ability, agent, operation, second ability)``. The operation itself is
    built but not stored.
    """
    shell_exec = executor(name='sh', platform='darwin', command='mkdir test', cleanup='rm -rf test')
    primary_ability = ability(ability_id='123', executors=[shell_exec], repeatable=True,
                              buckets=['test'], name='test1')
    darwin_agent = agent(sleep_min=1, sleep_max=2, watchdog=0, executors=['sh'], platform='darwin',
                         server='http://127.0.0.1:8000')
    fact_source = Source(id='123', name='test', facts=[], adjustments=[])
    test_adversary = Adversary(name='test', description='test', atomic_ordering=[], adversary_id='XYZ')
    planning_op = operation(name='test1', agents=[darwin_agent], adversary=test_adversary, source=fact_source)
    # The second ability takes its command from the module-level `test_string`.
    secondary_exec = executor(name='sh', platform='darwin', command=test_string, cleanup='whoami')
    secondary_ability = ability(ability_id='321', executors=[secondary_exec], singleton=True, name='test2')
    await data_svc.store(primary_ability)
    await data_svc.store(secondary_ability)
    plain_text = Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text',
    )
    await data_svc.store(plain_text)
    yield primary_ability, darwin_agent, planning_op, secondary_ability
def setup_rest_svc_test(loop, data_svc):
    """Populate data_svc with the objects the REST service tests expect.

    Applies the 'main' config, then stores in order: three abilities, an
    adversary, an agent, an objective, a planner, a source, an operation
    and the plain-text obfuscator. Returns None.
    """
    BaseWorld.apply_config(name='main', config={
        'app.contact.http': '0.0.0.0',
        'plugins': ['sandcat', 'stockpile'],
        # Placeholder key/salt values for the test fixture only.
        'crypt_salt': 'BLAH',
        'api_key': 'ADMIN123',
        'encryption_key': 'ADMIN123',
        'exfil_dir': '/tmp',
    })

    def store(obj):
        # Drive the async store() synchronously on the test loop.
        return loop.run_until_complete(data_svc.store(obj))

    for ability_id, command, executor_name, platform in (
        ('123', 'curl #{app.contact.http}', 'psh', 'windows'),
        ('456', 'whoami', 'sh', 'linux'),
        ('789', 'hostname', 'sh', 'linux'),
    ):
        store(Ability(ability_id=ability_id, test=BaseWorld.encode_string(command), variations=[],
                      executor=executor_name, platform=platform))
    adversary = Adversary(adversary_id='123', name='test', description='test', atomic_ordering=[])
    store(adversary)
    agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0, executors=['pwsh', 'psh'], platform='windows')
    store(agent)
    store(Objective(id='495a9828-cab1-44dd-a0ca-66e58177d8cc', name='default', goals=[Goal()]))
    store(Planner(planner_id='123', name='test', module='test', params=dict()))
    source = Source(id='123', name='test', facts=[], adjustments=[])
    store(source)
    store(Operation(name='test', agents=[agent], adversary=adversary, id='123', source=source))
    store(Obfuscator(name='plain-text',
                     description='Does no obfuscation to any command, instead running it in plain text',
                     module='plugins.stockpile.app.obfuscators.plain_text'))
def setup_planning_test(loop, ability, agent, operation, data_svc, init_base_world):
    """Seed data_svc with one darwin ability and the plain-text obfuscator.

    Yields ``(ability, agent, operation)``. The operation is built but not
    stored; note that `agents` receives the agent fixture value directly
    rather than a list.
    """
    shell_ability = ability(ability_id='123', executor='sh', platform='darwin',
                            test=BaseWorld.encode_string('mkdir test'),
                            cleanup=BaseWorld.encode_string('rm -rf test'), variations=[])
    darwin_agent = agent(sleep_min=1, sleep_max=2, watchdog=0, executors=['sh'], platform='darwin')
    fact_source = Source(id='123', name='test', facts=[], adjustments=[])
    test_adversary = Adversary(name='test', description='test', atomic_ordering=[], adversary_id='XYZ')
    planning_op = operation(name='test1', agents=darwin_agent, adversary=test_adversary, source=fact_source)
    loop.run_until_complete(data_svc.store(shell_ability))
    plain_text = Obfuscator(name='plain-text',
                            description='Does no obfuscation to any command, instead running it in plain text',
                            module='plugins.stockpile.app.obfuscators.plain_text')
    loop.run_until_complete(data_svc.store(plain_text))
    yield shell_ability, darwin_agent, planning_op
def test_source(loop, mocker, mock_time):
    """Store a Source holding one fact, one ALLOW rule and one relationship, and return it.

    `datetime` inside app.objects.secondclass.c_fact is patched for the
    duration of the build so the fact's timestamp resolves to `mock_time`.
    """
    with mocker.patch('app.objects.secondclass.c_fact.datetime') as patched_dt:
        # The patched class returns itself when called, so datetime.now() -> mock_time.
        patched_dt.return_value = patched_dt
        patched_dt.now.return_value = mock_time
        seed_fact = Fact(trait='test_fact', value=1)
        allow_rule = Rule(RuleAction.ALLOW, trait='test_rule')
        seed_relationship = Relationship(source=seed_fact, edge="alpha", origin="test_operation")
        stored_source = Source(id='123', name='Test Source', facts=[seed_fact], rules=[allow_rule],
                               adjustments=[], relationships=[seed_relationship])
        data_svc = BaseService.get_service('data_svc')
        loop.run_until_complete(data_svc.store(stored_source))
        return stored_source
def test_create_relationship_source_fact(self, event_loop, ability, executor, operation, knowledge_svc):
    """Two links reporting the same relationship must not duplicate the seeded source fact.

    `host_fact` is seeded through the operation's Source. After both links
    call create_relationships, the knowledge service holds exactly one fact
    under the source id and one under the operation id, and the source fact
    records both links in `collected_by`.
    """
    psh_executor = executor(name='psh', platform='windows')
    psh_ability = ability(ability_id='123', executors=[psh_executor])
    host_fact = Fact(trait='remote.host.fqdn', value='dc')
    user_fact = Fact(trait='domain.user.name', value='Bob')
    has_admin = Relationship(source=host_fact, edge='has_admin', target=user_fact)

    def make_link(paw, link_id):
        return Link(command='echo "Bob"', paw=paw, ability=psh_ability, id=link_id, executor=psh_executor)

    first_link = make_link('123456', '111111')
    sample_adversary = Adversary(name='sample', adversary_id='XYZ', atomic_ordering=[], description='test')
    test_op = operation(name='test-op', agents=[], adversary=sample_adversary,
                        source=Source(id='test-source', facts=[host_fact]))
    event_loop.run_until_complete(test_op._init_source())
    event_loop.run_until_complete(first_link.create_relationships([has_admin], test_op))
    second_link = make_link('789100', '222222')
    event_loop.run_until_complete(second_link.create_relationships([has_admin], test_op))

    by_source = event_loop.run_until_complete(knowledge_svc.get_facts(dict(source=test_op.source.id)))
    by_operation = event_loop.run_until_complete(knowledge_svc.get_facts(dict(source=test_op.id)))
    assert len(by_source) == 1
    assert len(by_operation) == 1
    assert len(by_source[0].collected_by) == 2
def setup_rest_svc_test(loop, data_svc):
    """Apply the 'default' test config and store one of each object the REST tests read.

    Stored in order: an Ability, an Adversary, an Agent, a Planner and a
    Source. Returns None.
    """
    BaseWorld.apply_config(name='default', config={
        'app.contact.http': '0.0.0.0',
        'plugins': ['sandcat', 'stockpile'],
        # Placeholder key/salt values for the test fixture only.
        'crypt_salt': 'BLAH',
        'api_key': 'ADMIN123',
        'encryption_key': 'ADMIN123',
        'exfil_dir': '/tmp',
    })

    def store(obj):
        # Drive the async store() synchronously on the test loop.
        return loop.run_until_complete(data_svc.store(obj))

    store(Ability(ability_id='123', test=BaseWorld.encode_string('curl #{app.contact.http}'), variations=[]))
    store(Adversary(adversary_id='123', name='test', description='test', phases=[]))
    store(Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0))
    store(Planner(planner_id='123', name='test', module='test', params=dict()))
    store(Source(identifier='123', name='test', facts=[]))
def op_with_learning_and_seeded(ability, adversary, operation_agent, parse_datestring):
    """Build an Operation with learning parsers enabled and one seeded fact.

    The operation is not stored. Its start time, adversary, planner,
    objective and single agent (paw '123456') are patched in by hand so the
    object resembles a running operation.
    """
    seeded_source = Source(id='3124', name='test', facts=[Fact(trait='domain.user.name', value='bob')])
    op = Operation(id='6789', name='testC', agents=[], adversary=adversary, source=seeded_source,
                   use_learning_parsers=True)
    # Fill in what a live operation would otherwise acquire from the services.
    op.start = parse_datestring(OP_START_TIME)
    op.adversary = op.adversary()  # `adversary` is callable here; calling it yields the object used
    op.planner = Planner(planner_id='12345', name='test_planner', module='not.an.actual.planner', params=None)
    op.objective = Objective(id='6428', name='not_an_objective')
    operation_agent.paw = '123456'
    op.agents = [operation_agent]
    return op
async def create_fact_source():
    """Return an empty Source with a fresh uuid4 id and the name 'blue-pid-<id>'."""
    new_id = str(uuid.uuid4())
    return Source(id=new_id, name=f'blue-pid-{new_id}', facts=[])
async def load_source_file(self, filename, access):
    """Load every Source document in the YAML file and store each one tagged with `access`.

    Documents come from self.strip_yml; the loader it uses is not visible
    here — NOTE(review): confirm it is a safe YAML loader if files can
    come from outside the deployment.
    """
    documents = self.strip_yml(filename)
    for document in documents:
        loaded = Source.load(document)
        loaded.access = access
        await self.store(loaded)
async def _create_analytic_source():
    """Return a Source named 'analytic-<uuid4>' seeded with a single test fact."""
    new_id = str(uuid.uuid4())
    return Source(id=new_id, name=f'analytic-{new_id}', facts=[Fact(trait='test', value='test')])
async def _load_sources(self, plugin):
    """Store every Source defined under <plugin.data_dir>/sources/*.yml with the plugin's access.

    Each YAML document is read through self.strip_yml — NOTE(review): the
    loader is not visible here; confirm it is a safe YAML loader.
    """
    pattern = f'{plugin.data_dir}/sources/*.yml'
    for path in glob.iglob(pattern, recursive=False):
        for document in self.strip_yml(path):
            loaded = Source.load(document)
            loaded.access = plugin.access
            await self.store(loaded)